Xbox 360:RGH

From ConsoleMods Wiki
Jump to navigation Jump to search
Exclamation-triangle-fill.svgThe steps on this page are considered risky for your console, as there is a chance you can brick it. Please have someone else mod your console if you are not experienced in soldering!


Reset Glitch Hack (RGH) is a hardware modification which allows you to run unsigned code, mods, game backups, and homebrew. The hack relies on a vulnerability in the hardware found by GliGli that is triggered by sending a reset pulse to the processor at a specific moment, resulting in a power glitch that causes a bootloader hash check to return "valid" no matter what you have flashed in place of the stock bootloader. The timing of when and how long the pulse should be sent is dependent on the console and it may take some tweaking until it "glitches" and boots.

The RGH variants are as follows:

  • RGH1 is compatible with Phat consoles on dashboard 14699 or lower. It uses CPU_PLL_BYPASS to slow down the CPU by 128x in order to precisely power glitch during a hash check on a bootloader.
  • RGH2 is for Slims (but also works for Non-Xenon Phats), which uses I2C slowdown instead of PLL slowdown, and works on any dashboard. However, it is considered more difficult to tune, and less consistent.
    • RGH2+ is the same as RGH2, except that the slowdown is sent by the southbridge, instead of the glitch chip. The glitch chip asserts a remapped GPIO pin to tell the southbridge when to send slowdown/speedup. It is exclusive to some Team Xecuter chips such as the CR4XL.
  • RGH1.2 combines RGH1-like PLL slowdown with Glitch2 images to allow reliable glitching of Falcon/Jasper consoles with split CB (post 14699 kernel) and works on any dashboard.
    • RGH1.2 V2 ports this hack to Slim consoles as well as fixing a few issues on Jaspers. It is also tuned better than the original RGH 1, thus being preferrable.
  • S-RGH (Speeded-Up RGH) is a tweaked and better version of RGH2 which is far more consistent and quick.
    • Project Muffin is similar to S-RGH, but i2C slowdown is handled by the south bridge instead of the glitch chip. It is not recommended, as it is essentially a less consistent method of glitching and does not boot as fast or consistently as S-RGH or Mufas.
    • Project Mufas is essentially a significantly tweaked and better version of Muffin to have more optimized and more reliable glitching.
  • EXT_CLK is similar to RGH 1.2, but uses the EXT_CLK_EN point instead of CPU_PLL_BYPASS to slow the CPU by roughly 10.6x. It is the best method for Xenon and Zephyr boards that have PLL-crash issues.
  • RGH3 is the newest RGH variant, and the first to work without a glitch chip by using the SMC in the south bridge to do the glitching instead. Works with Falcon/Jasper Phats and Slims, however it appears to be more reliable with Slims.

Requirements

Below are the minimum requirements to RGH your Xbox 360. It’s recommended to read ahead and choose the NAND reading method and glitch chip specific wiring method that’s right for you, as you will need a NAND programmer and potentially more equipment depending on which methods you choose.

  1. Be experienced in soldering. The Xbox 360 is not a good place to learn to solder. Regardless of which reading method you choose, you will need a soldering iron, solder, flux, and 28 AWG or 30 AWG wire (Solid core preferred). Specific recommendatons can be found on this page.
  2. Determine your motherboard model. All models are compatible except the Winchester motherboard. You can use Octal’s Identification Wizard or use the methods mentioned on the Getting Started page to determine your model .
    • Corona: Determine if 16 MB or 4 GB NAND model by turning on the console, navigating to System Settings > Storage, and checking whether the onboard storage unit is 16MB or 4GB. Also determine if you need to buy a postfix adapter using this diagram.
  3. Use the recommended exploit chart to determine what RGH version is best for your console.

Reading your NAND

4 GB Corona/Waitsburg/Stingray

4 GB Xbox 360 S/E SKUs made after mid 2011 use an MMC NAND (Corona) or eMMC chip (Waitsburg/Stingray/Winchester) and require different tools to dump and flash the NAND compared to the 16/64/256/512 MB NAND chips. These 4 GB consoles require that you use an xFlasher 360, PicoFlasher, Element18592's 4GB USB tool, or an SD card tool. Consider the pros and cons below and choose the method that’s right for you.

A guide on how to dump and write to a 4 GB NAND can be found here.

Device Pros Cons
xFlasher 360
  • Reads NAND fast in 40 seconds to 4 minutes
  • Can also program glitch chips
  • Actively supported
  • USB-C
  • More expensive than SD Card tools or PicoFlasher
PicoFlasher
  • Reads NAND in 1-8 minutes
  • Super cheap
  • Easy to find
  • You will need a programmer to program glitch chips
4GB USB Tool
  • Reads NAND fast in 40 seconds to 4 minutes
  • Cheap
  • You will need a programmer to program glitch chips
SD Card Tool (any brand)
  • Super cheap
  • Easy to find
  • You will need a programmer to flash glitch chips
  • Sometimes has spotty compatibility with SD card readers

All Other NAND Types

There are a few different tools for reading your NAND chip: xFlasher 360, Nand-X, JR Programmer, Matrix USB NAND Flasher, PicoFlasher, various SD card tools, or a LPT cable. Consider the pros and cons below and choose the method that’s right for you. An LPT cable is not recommended as it's extremely slow, requires more work than other options, and cannot be used to program glitch chips.

A guide on how to dump and write to a standard NAND can be found here.

Device Pros Cons
xFlasher 360
  • Reads NAND fast in 40 seconds to 4 minutes
  • Can also program glitch chips
  • One of four options for 4GB Corona
  • Actively supported
  • USB-C
  • Uses signed drivers
  • Most expensive flasher
  • Can't be used for flashing Sonus Sounds
PicoFlasher
  • Reads NAND fast in 1-8 minutes
  • One of four options for 4GB Corona
  • One of the two options for Sonus or Slim sound programming
  • Super cheap
  • Easy to find
  • Uses signed drivers
  • Wire routing is more sensitive compared to other NAND flashers
JR Programmer
  • Reads NAND in 3-10 minutes
  • Can also program glitch chips
  • One of the two options for Sonus or Slim sound programming
  • Cheap
  • Easy to find
  • More expensive than PicoFlasher
  • Requires unsigned drivers
Nand-X
  • Reads NAND in 2-8 minutes
  • Can also program RGH glitch chips
  • More expensive than most NAND flashers
  • Not much cheaper than the xFlasher
  • Does not support 4GB Coronas
  • Requires unsigned drivers
  • Can't be used for flashing Sonus Sounds
Matrix USB NAND Flasher
  • Reads NAND in 7-26 minutes
  • Super cheap
  • Can’t be used for programming glitch chips unless you modify it
  • Does not support 4GB Coronas
  • Requires unsigned drivers
  • Can't be used for flashing Sonus Sounds
LPT Cable
  • Cheap
  • Doesn't require unsigned drivers
  • Requires PC with a native parallel port and more equipment
  • More difficult
  • Can’t be used for programming glitch chips
  • Can't be used for flashing Sonus Sounds
  • Takes 30-150 minutes to read NANDs


RGH Wiring

RGH1

RGH1.2

RGH2

S-RGH

Project Mufas

EXT_CLK

RGH3

Retrieved from "https://consolemods.org/wiki/index.php?title=Xbox_360:RGH&oldid=41005"